A complaint was filed by the nonprofit organization noyb on behalf of a person, addressing the issue of the AI chatbot ChatGPT's inability to rectify misinformation it creates about individuals.
There have been numerous reports of GenAI tools providing inaccurate information. This poses a challenge as it conflicts with the General Data Protection Regulation (GDPR) in the EU, which outlines rules for processing personal data of users in the region.
If a company fails to comply with GDPR regulations, they could face penalties of up to 4% of their global annual revenue. This is particularly significant for a company like OpenAI, as data protection authorities have the power to require changes in how data is handled, potentially impacting how AI tools can function in the EU.
OpenAI had to make adjustments following a request from Italy's data protection authority, which temporarily shut down ChatGPT in 2023.
Currently, noyb is submitting a new complaint under GDPR regulations against ChatGPT to the Austrian data protection authority. The complaint is being made on behalf of a "public figure" who discovered that the AI chatbot provided an inaccurate birth date for them.
According to the GDPR, individuals in the EU have certain rights regarding their personal information, such as the right to have inaccurate data corrected. noyb argues that OpenAI is not fulfilling this requirement when it comes to its chatbot's responses. The company reportedly denied a request to fix a wrong birth date, claiming it was technically unfeasible for them to do so.
Instead, it provided the option to restrict or prevent the data from being displayed in certain situations, like when showing the name of the person making a complaint.
According to OpenAI's privacy policy, if users find that the AI chatbot has provided incorrect information about them, they can ask for a correction by visiting privacy.openai.com or emailing dsar@openai.com. However, the policy cautions that due to the technical complexity of their models, not every inaccuracy may be corrected.
If desired, OpenAI recommends that users ask for their personal information to be completely removed from ChatGPT's output by submitting a web form.
The challenge for the AI company is that GDPR rights cannot be picked and chosen. Individuals in Europe can ask for corrections to be made to their data and also request for their data to be deleted. However, according to noyb, OpenAI cannot decide which of these rights are applicable.